Which books are really MUST-reads for a person who attempts to create critical parts of application(s) in the security field, e.g. drivers which deal with coding/decoding, a firewall, a kernel subsystem which relies on checking of rights/policies, a secure mail client, etc.?
Are there any specific books covering applied C programming topics in a field like this? Like how to design/write secure code, what are the common attacks your program must be resistant to, and the like?
In my opinion, these are must-reads:
Cryptography in C and C++ - http://www.amazon.com/Cryptography-C-Michael-Welschenbach/dp/1590595025/
Secure Programming Cookbook for C and C++: Recipes for Cryptography, Authentication, Input Validation & More - http://www.amazon.com/Secure-Programming-Cookbook-Cryptography-Authentication/dp/0596003943/
Cryptography Engineering: Design Principles and Practical Applications - http://www.amazon.com/Cryptography-Engineering-Principles-Practical-Applications/dp/0470474246/
Security Metrics: Replacing Fear, Uncertainty, and Doubt - http://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989/
Security Engineering: A Guide to Building Dependable Distributed Systems - http://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/0470068523/ (High-level, management issues, etc.)
The following book deserves honorable mention, although many experts repudiate it these days. However, some say it is the best book on the subject, so judge for yourself:
Applied Cryptography: Protocols, Algorithms, and Source Code in C, Second Edition - http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/
Although I might pretend very well that I know a thing about networks or security and it might help me pass an interview or fix a bug, I don't really feel I'm fooling anyone. I'm looking for a layman's explanation of current network security concepts and solutions. The information is scattered around and I didn't find a resource for "dummies" like me (e.g. experienced Java developers that can speak the jargon but have no real clue what it means).
Topics I have a weak notion about and want to understand better as a Java developer:
Is there a resource out there that really explains it in a way that doesn't require a Cisco certificate / Linux lingo / knowing what subnet masking is or other plumbing skills?